| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3782338a-6491-dc35-7c66-97b91a20df0d@de.ibm.com>
Date: Thu, 16 Jul 2020 13:19:55 +0200
From: Christian Borntraeger <borntraeger@...ibm.com>
To: "Michael S. Tsirkin" <mst@...hat.com>,
Jason Wang <jasowang@...hat.com>
Cc: Pierre Morel <pmorel@...ux.ibm.com>, linux-kernel@...r.kernel.org,
pasic@...ux.ibm.com, frankja@...ux.ibm.com, cohuck@...hat.com,
kvm@...r.kernel.org, linux-s390@...r.kernel.org,
virtualization@...ts.linux-foundation.org, thomas.lendacky@....com,
david@...son.dropbear.id.au, linuxram@...ibm.com,
hca@...ux.ibm.com, gor@...ux.ibm.com
Subject: Re: [PATCH v7 2/2] s390: virtio: PV needs VIRTIO I/O device
protection
On 15.07.20 13:51, Michael S. Tsirkin wrote:
> On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote:
>>
>> On 2020/7/15 下午5:50, Michael S. Tsirkin wrote:
>>> On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote:
>>>> If protected virtualization is active on s390, the virtio queues are
>>>> not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
>>>> negotiated. Use the new arch_validate_virtio_features() interface to
>>>> fail probe if that's not the case, preventing a host error on access
>>>> attempt.
>>>>
>>>> Signed-off-by: Pierre Morel <pmorel@...ux.ibm.com>
>>>> Reviewed-by: Cornelia Huck <cohuck@...hat.com>
>>>> Acked-by: Halil Pasic <pasic@...ux.ibm.com>
>>>> Acked-by: Christian Borntraeger <borntraeger@...ibm.com>
>>>> ---
>>>> arch/s390/mm/init.c | 28 ++++++++++++++++++++++++++++
>>>> 1 file changed, 28 insertions(+)
>>>>
>>>> diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
>>>> index 6dc7c3b60ef6..d39af6554d4f 100644
>>>> --- a/arch/s390/mm/init.c
>>>> +++ b/arch/s390/mm/init.c
>>>> @@ -45,6 +45,7 @@
>>>> #include <asm/kasan.h>
>>>> #include <asm/dma-mapping.h>
>>>> #include <asm/uv.h>
>>>> +#include <linux/virtio_config.h>
>>>> pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir);
>>>> @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev)
>>>> return is_prot_virt_guest();
>>>> }
>>>> +/*
>>>> + * arch_validate_virtio_features
>>>> + * @dev: the VIRTIO device being added
>>>> + *
>>>> + * Return an error if required features are missing on a guest running
>>>> + * with protected virtualization.
>>>> + */
>>>> +int arch_validate_virtio_features(struct virtio_device *dev)
>>>> +{
>>>> + if (!is_prot_virt_guest())
>>>> + return 0;
>>>> +
>>>> + if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
>>>> + dev_warn(&dev->dev,
>>>> + "legacy virtio not supported with protected virtualization\n");
>>>> + return -ENODEV;
>>>> + }
>>>> +
>>>> + if (!virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
>>>> + dev_warn(&dev->dev,
>>>> + "support for limited memory access required for protected virtualization\n");
>>>> + return -ENODEV;
>>>> + }
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> /* protected virtualization */
>>>> static void pv_init(void)
>>>> {
>>> What bothers me here is that arch code depends on virtio now.
>>> It works even with a modular virtio when functions are inline,
>>> but it seems fragile: e.g. it breaks virtio as an out of tree module,
>>> since layout of struct virtio_device can change.
>>
If you prefer that, we can simply create an arch/s390/kernel/virtio.c ?
Powered by blists - more mailing lists